General
Target: VoidOfSpace_Stable.2.3.rar
Size: 69.0MB
Sample: 230430-sw6jqaab49
MD5: bda1a5d8eb2a141f3d224bff96e5f833
SHA1: 809570cc05105eb4552cde6ee6d45a669d37192c
SHA256: 5638573bcee7723bde67101a9634c9902f6f0b2d7b398e14687dc3f5bc2666db
SHA512: 0a1c833029dc46b1997573d269086a47eccdba72543853f5c77e1db051272adfeb83e35243f56b9b0004df622bf9877a72d7a438c4d0aa96f81667644df884ff
SSDEEP: 1572864:+jddGvaZ2za8JBthhAQaRAVvhHUzqkbeIq6o3Lu4SYgCym0L2n:iGvaZD8HzmQ++Z8qkbeIqz3LuLDL2n
Static task: static1
Behavioral task: behavioral1
    Sample: VoidOfSpace_Stable.2.3.exe
    Resource: win10-20230220-en
Behavioral task: behavioral2
    Sample: VoidOfSpace_Stable.2.3.exe
    Resource: win7-20230220-en
Behavioral task: behavioral3
    Sample: VoidOfSpace_Stable.2.3.exe
    Resource: win10v2004-20230220-en
Malware Config
(no configuration extracted)
Targets
Target: VoidOfSpace_Stable.2.3.exe
Size: 69.0MB
MD5: debbe2d6fa40bd07c714359701e0f2d9
SHA1: 0c8bc32d00a7341cbf43f3ca3cae35b0fc63c58d
SHA256: 0c08154214f59cafd969694ccf112f76865edbfd15f15d086a8ce8ad121cc3a9
SHA512: dbe275a3467ce21dc7fcaeca6edadcdc51de5485c1ed8c5d579f6d3ebd91054c9e3a9ff5a250140c384d31d42336fbf07b8e0e263892bafa0fee49c78a06eeb6
SSDEEP: 1572864:/jddGvaZ2za8JBthhAQaRAVvhHUzqkbeIq6o3Lu4SYgCym0L27:rGvaZD8HzmQ++Z8qkbeIqz3LuLDL27
Score: 10/10
Signatures
Detects Redline Stealer samples
    This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.